HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 31 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Web Applicationsarrow Differences in pen testing aspx to php apps
EH-Net
May 25, 2013, 07:15:41 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Differences in pen testing aspx to php apps  (Read 5522 times)
0 Members and 1 Guest are viewing this topic.
ethicalhack3r
Full Member
***
Offline Offline

Posts: 139


View Profile WWW
« on: June 17, 2009, 08:35:51 AM »
Hello,
I have done all of my pen testing in the past on PHP web apps. I was wondering what differences there are between pen testing a PHP app to an ASPX one.

Thanks in advance,
Ryan
Logged
timmedin
Sr. Member
****
Offline Offline

Posts: 469



View Profile WWW
« Reply #1 on: June 23, 2009, 08:22:39 AM »
I would say not a ton of difference, but you do get some good info if you know it is php vs apsx. The dotNET framework has built in XSS protection and the flaws in each version can be found online. This will greatly help you in your attack.

Knowing which it is running can help speed up the test since you can make some assumptions about the underlying OS and RDMS. Don't forget these are assumptions and should be treated as such. A big problem I have seen is people following assumptions as if they are truth.

If it is running dotNET code you know it is windows and there is a much higher probability of the underlying database being MSSQL. If the server is running php the server is most likely a flavor of linux and more likely to have an open source RDMS backend such as MySql or Postgres. These are useful for exploiting a SQL injection vulnerability or accessing local resources if you find a local file include vulnerability.
Logged
twitter.com/timmedin | http://blog.securitywhole.com
ethicalhack3r
Full Member
***
Offline Offline

Posts: 139


View Profile WWW
« Reply #2 on: June 23, 2009, 08:35:33 AM »
Thanks for the reply!

I suppose that the same vulnerabilities exist however the exploitation and remediation are different from PHP. I had a suspicion that .NET had built in anti code injection, et al functions.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.073 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.